Photo of Lauren E. Quigley

Lauren Quigley is a senior counsel in Dykema's Chicago office. Lauren represents financial institutions (including banks, credit unions, and fintech companies) in a variety of commercial and consumer services and products, including consumer loans and deposit products, payment products and services, online banking and electronic delivery channels and the legal and regulatory compliance requirements for those services.

Lauren works with clients to draft and structure consumer loan deposit documentation and disclosures, including compliance with applicable regulations (Regulation E, ESIGN compliance, NACHA Operating Rules and Guidelines, Regulation Z). Lauren has experience reviewing and drafting policies and procedures related to payment processing and various card and account products.

On August 11, 2021, the Federal Financial Institutions Examination Council (the “FFIEC”) issued new guidance on risk management principles for access to and authentication of electronic funds transfers for the first time in over a decade, titled Authentication and Access to Financial Institution Services and Systems (the “New Guidance”).[1] The New Guidance effectively replaces the FFIEC’s prior guidance on this topic, including its original guidance issued in 2005, Authentication in an Internet Banking Environment (the “Original Guidance”), and the supplement issued in 2011 in response to increased fraud in Internet-based financial transactions (the “Supplement,”[2] and together with the Original Guidance, the “Guidance”). The Guidance was intended to set regulatory expectations for financial institutions offering Internet-based financial services to both commercial and consumer customers.
Continue Reading An Enhanced Standard of Commercial Reasonableness for Security Procedures? The FFIEC Updates Its Authentication Guidance for Internet-Based Financial Services

We regularly work with financial institutions to navigate the challenges of implementing, maintaining, and using security procedures for commercial customers’ use of treasury management services. Security procedures are an integral part of the relationship between the financial institution and its commercial customers. Financial institutions offer (and frequently require) commercial customers to use the institution’s security procedures, which are agreed to be commercially reasonable, to originate payment orders (e.g., wire transfers and ACH Entries) from the customers’ accounts.

Issues often arise when one or more of a customer’s authorized users is not able to use his standard security procedures to access a financial institution’s physical or electronic payments systems to either originate or confirm a payment order. Due to the COVID-19 outbreak and concern over the implementation of preventative measures, including more companies asking or requiring employees to work remotely, financial institutions should consider which customers may need to update, amend or supplement the ways that its customers can make payments, whether this be through adding authorized users or implementing alternative methods to send payment orders.
Continue Reading Considerations for Financial Institutions Regarding Security Procedures for a Remote Workforce